- name: Check current crypto-policy
  command: "update-crypto-policies --show"
  register: currentcryptopolicy
  failed_when: "1 != 1"
  changed_when: "1 != 1"
  check_mode: no
  tags:
  - crypto-policies
  - base/crypto-policies

- name: Check if policy is applied
  command: "update-crypto-policies --is-applied"
  register: cryptopolicyapplied
  failed_when: "1 != 1"
  changed_when: "1 != 1"
  check_mode: no
  tags:
  - crypto-policies
  - base/crypto-policies

- name: Set crypto-policy on fedora 33 and higher hosts back to default
  command: "update-crypto-policies --set DEFAULT"
  when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT') == -1 or cryptopolicyapplied.rc != 0)"
  check_mode: no
  tags:
  - crypto-policies
  - base/crypto-policies
